Just an idea, as I do not know how difficult it will be to implement, and I am not adept enough in Ruby to code it myself.
Signing RPMs is a great way to trust the packages you are installing, and just good practice all around.
Thanks for the idea! Someone will surely need this and patch it in if I don't get to it first :)
Any news on this? Also, is there a way to sign DEB files today? Can't find it, or should this ticket include both?
I haven't had energy to write this feature yet for RPM. Same for deb, though with debs I have found that in practice, nobody signs their debs, but many sign apt repos - even Debian/Ubuntu upstream only sign the apt repo listings, not the packages themselves.
Feel free to file a separate ticket for deb package signing :)
Just need to pass --sign to rpmbuild via a command-line switch; there is nothing else that can be done by fpm.